Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
JPEG2000 as a defense against attacks using adversarial examples
Date
2018-10-11
Author
Gündüz, Ayşe Elvan
Temizel, Alptekin
Taşkaya Temizel, Tuğba
Metadata
Show full item record
Item Usage Stats
95
views
0
downloads
Cite This
Adversarial examples have a negative effect on the performance of classifiers which have otherwise good performance on undisturbed images. These examples are generated by adding non-random noise to the test samples in order to fool the classifier. Adversarial attacks use these intentionally generated examples and they pose a security risk to the machine learning based systems. It has recently been shown that JPEG compression is effective against such attacks and classification accuracy on adversarial images is recovered when compression is increased. However, the accuracy drops when quantization becomes too aggressive. In this work, we propose using JPEG2000 as a defense mechanism as does not cause blocking artifacts and allow higher compression
URI
https://hdl.handle.net/11511/87113
DOI
https://doi.org/10.13140/RG.2.2.11531.13605
Conference Name
GPU Technology Conference,9 - 11 October 2018
Collections
Graduate School of Informatics, Conference / Seminar
Suggestions
OpenMETU
Core
The Effects of JPEG and JPEG2000 Compression on Attacks using Adversarial Examples
Temizel, Alptekin; Taşkaya Temizel, Tuğba (2018-03-01)
Adversarial examples are known to have a negative effect on the performance of classifiers which have otherwise good performance on undisturbed images. These examples are generated by adding non-random noise to the testing samples in order to make classifier misclassify the given data. Adversarial attacks use these intentionally generated examples and they pose a security risk to the machine learning based systems. To be immune to such attacks, it is desirable to have a pre-processing mechanism which remove...
Image segmentation based on variational techniques
Duramaz, Alper; Ünver, Baki Zafer; Department of Electrical and Electronics Engineering (2006)
Recently, solutions to the problem of image segmentation and denoising are developed based on the Mumford-Shah model. The model provides an energy functional, called the Mumford-Shah functional, which should be minimized. Since the minimization of the functional has some difficulties, approximate approaches are proposed. Two such methods are the gradient flows method and the Chan-Vese active contour method. The performance evolution in terms of speed shows that the gradient flows method converges to the bou...
End-to-end learned image compression with normalizing flows for latent space enhancement
Yavuz, Fatih; Kamışlı, Fatih; Department of Electrical and Electronics Engineering (2022-9)
Learning based methods for image compression recently received considerable attention and demonstrated promising performance, surpassing many commonly used codecs. Architectures of learning based methodologies are typically comprised of a nonlinear analysis transform, which maps the input image to a latent representation, a synthesis transform that maps the quantized latent representation back to the image domain and a model for the probability distribution of the latent representation. Successful modelling...
Image Annotation by Semi-Supervised Clustering Constrained by SIFT Orientation Information
Sayar, Ahmet; Yarman-Vural, Fatos T. (2008-10-29)
Methods developed for image annotation usually make use of region clustering algorithms. Visual codebooks are generated from the region clusters of low level features. These codebooks are then, matched with the words of the text document related to the image, in various ways. In this paper, we supervise the clustering process by using the orientation information assigned to each interest point of Scale-invariant feature transform (SIFT) features to generate a visual codebook. The orientation information pro...
Dynamic system modeling and state estimation for speech signal
Özbek, İbrahim Yücel; Demirekler, Mübeccel; Department of Electrical and Electronics Engineering (2010)
This thesis presents an all-inclusive framework on how the current formant tracking and audio (and/or visual)-to-articulatory inversion algorithms can be improved. The possible improvements are summarized as follows: The first part of the thesis investigates the problem of the formant frequency estimation when the number of formants to be estimated fixed or variable respectively. The fixed number of formant tracking method is based on the assumption that the number of formant frequencies is fixed along the ...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
A. E. Gündüz, A. Temizel, and T. Taşkaya Temizel, “JPEG2000 as a defense against attacks using adversarial examples ,” presented at the GPU Technology Conference,9 - 11 October 2018, Munich, Germany, 2018, Accessed: 00, 2021. [Online]. Available: https://hdl.handle.net/11511/87113.
